Data Sovereignty

Data Sovereignty is the principle that data is subject to the laws and governance frameworks of the jurisdiction in which it is stored or processed — and, at the individual or organizational level, the right to decide which jurisdiction that is. It encompasses both the legal reality of what a government can compel and the practical question of where data physically resides and who holds the keys to it.

Why jurisdiction matters

Cloud providers headquartered in the United States are subject to the CLOUD Act (18 U.S.C. § 2713, signed 2018), which can compel them to produce customer data stored anywhere in the world in response to a lawful US legal order, regardless of where the data physically resides. Choosing a US-headquartered cloud provider is therefore implicitly also choosing US jurisdiction over your data. Similar extra-territorial provisions exist in the laws of other major cloud-provider jurisdictions. This is general legal context only and is not legal advice; consult a qualified attorney for guidance specific to your situation.

The sovereign path

Genuine data sovereignty requires hosting data on hardware you control, in a jurisdiction whose legal framework you have evaluated and accepted. For Canadian operators, Canadian digital sovereignty resources cover the regulatory landscape and local provider alternatives. D-Central's open data hub publishes mining datasets under CC BY 4.0 — an example of data made available without jurisdictional lock-in or vendor dependency.

Related terms: Digital Sovereignty, Compute Sovereignty, CLOUD Act